author | smitsohu <smitsohu@gmail.com> | 2021-01-20 02:55:51 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-01-20 14:36:32 +0100 |
commit | e6adf8150fef150e0d32ee22ae3d0005e82a8dd2 (patch) | |
tree | 6f2b33a43c197609bca7ded99081ba8e9ec18170 /src | |
parent | Add 'seccomp-error-action log' to profile.template (diff) | |
private-lib: search executables in $PATH
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_lib.c | 59 |
1 files changed, 58 insertions, 1 deletions
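--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -33,6 +33,52 @@ extern void fslib_install_system(void);
 static int lib_cnt = 0;
 static int dir_cnt = 0;
 
+static char *find_in_path(const char *program) {
+EUID_ASSERT();
+if (arg_debug)
+printf("Searching $PATH for %s\n", program);
+
+char self[MAXBUF];
+ssize_t len = readlink("/proc/self/exe", self, MAXBUF - 1);
+if (len < 0)
+errExit("readlink");
+self[len] = '\0';
+
+char *path = getenv("PATH");
+if (!path)
+return NULL;
+char *dup = strdup(path);
+if (!dup)
+errExit("strdup");
+char *tok = strtok(dup, ":");
+while (tok) {
+char *fname;
+if (asprintf(&fname, "%s/%s", tok, program) == -1)
+errExit("asprintf");
+
+if (arg_debug)
+printf("trying #%s#\n", fname);
+struct stat s;
+if (stat(fname, &s) == 0) {
+// but skip links created by firecfg
+char *rp = realpath(fname, NULL);
+if (!rp)
+errExit("realpath");
+if (strcmp(self, rp) != 0) {
+free(rp);
+free(dup);
+return fname;
+}
+free(rp);
+}
+free(fname);
+tok = strtok(NULL, ":");
+}
+
+free(dup);
+return NULL;
+}
+
 static void report_duplication(const char *full_path) {
 char *fname = strrchr(full_path, '/');
 if (fname && *(++fname) != '\0') {
@@ -350,7 +396,18 @@ void fs_private_lib(void) {
 if (cfg.original_program_index > 0) {
 if (arg_debug || arg_debug_private_lib)
 printf("Installing sandboxed program libraries\n");
-fslib_install_list(cfg.original_argv[cfg.original_program_index]);
+
+if (strchr(cfg.original_argv[cfg.original_program_index], '/'))
+fslib_install_list(cfg.original_argv[cfg.original_program_index]);
+else { // search executable in $PATH
+EUID_USER();
+char *fname = find_in_path(cfg.original_argv[cfg.original_program_index]);
+EUID_ROOT();
+if (fname) {
+fslib_install_list(fname);
+free(fname);
+}
+}
 }
 
 // for the shell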
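Review bot: In find_in_path, the loop accepts the first $PATH entry for which `stat()` succeeds, so a directory or a non-executable file named like the program in an earlier $PATH component is returned and handed to `fslib_install_list()`, while the lookup that later executes the program would presumably skip it. The `struct stat s` that is filled in is otherwise unused; narrowing the test to `if (stat(fname, &s) == 0 && S_ISREG(s.st_mode) && access(fname, X_OK) == 0) {` keeps the library scan on the file that is actually going to run. $PATH is supplied by the invoking user, so a comment above the function should state that it must run with the user's effective uid (as `EUID_ASSERT()` enforces) and that the caller frees the returned string. In fs_private_lib, a NULL return is dropped silently; a debug message there would make a missing library set easier to diagnose.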